On Sat, Feb 7, 2015 at 1:04 PM, Anders Rundgren < anders.rundgren.net@gmail.com> wrote: > > I'm little bit wondering how to deal with merchants and services who use > static > credit card information stored in their systems. start thinking in terms of finer-grained "purchase order numbers" instead of bearer-credential credit card credentials. Cass Customer wants credit at Mike Merchant? Instead of Cass's bearer gizmo being a payment instrument, her bearer gizmo is something that facilitates setting up a payable account to Mike on Cass's side and a receivable from Cass on Mike's side, but the receivable is underwritten so Mike doesn't have any more default risk than he would with Visa. After the handshake, Cass shops at Mike's and charges everything to her Mike's account. The delta between the above and the grocery shopping I just did would be, I would have paid with my "Chopper Shopper" card in addition to flashing it to get the discount price on the loaf of bread. On the other hand, that would create liability as store loyalty cards would become payment instruments. Reduced if the cashier gets to see a picture of whoever is expected to be using that loyalty card when it is presented. We have massive disk drives and they're practically free. We can do this. Anyway, the answer to the question is, add another layer of abstraction. Even if thieves do manage to copy Mike's list of purchase order numbers good for entering payments due to Mike, they aren't any good to anyone else.
Received on Saturday, 7 February 2015 20:14:24 UTC